Using custodian in accordance with infrastructure as code principles,
we store policy assets in a versioned control repository. This
provides for an audit log and facilitates code reviews. However this
capability is primarily of use to humans making semantic interpretations
of changes.

This script also provides logical custodian policy changes over a git
repo and allows streaming those changes for machine readable/application
consumption. Its typically used as a basis for CI integrations or indexes
over policies.

Two example use cases:

Doing dryrun only on changed policies within a pull request

Constructing a database of policy changes.

Policystream works on individual github repositories, or per Github integration
across an organization’s set of repositories.

Policy diff between two source and target revision specs. If source
and target are not specified default revision selection is dependent
on current working tree branch. The intent is for two use cases, if on
a non-master branch then show the diff to master. If on master show
the diff to previous commit on master. For repositories not using the
master convention, please specify explicit source and target.